Archive for irules

DevCentral’s Featured Member for December - Kevin Davies

Posted in security, f5, big-ip, silva, devcentral, irules by psilva on December 1st, 2017

Kevin_Picture.jpgWhen we prepare for our Featured Member series, I typically send out a questionnaire and the DevCentral member writes out their answers. With the opening question I'll do a bit of editing and use that for the intro. This month however, airloom's Kevin Davies did such a great job with the opening, I decided to simply let him tell his story. A long-time DevCentral member and always engaged with the community, Kevin Davies is DevCentral's Featured Member to close out 2017. Congrats Kevin!

DevCentral: First, please explain to the DevCentral community a little about yourself, what you do and why it’s important.

Kevin: I suppose my interest in technology came from a desire to know how things work. My first job in computers was doing exactly that, building them at a small computer store in Brisbane. I have always been technical, being the pioneer in my family I immediately saw the potential they would bring and how it might shape the world…

I remember a quiet night alone in the office struggling to understand SCO Unix, as I’d come from a MS-DOS background. Yet I persisted, and using the SLIP protocol with static IP addressing, I successfully connected our business to the University, so we could receive email. This was back when Universities were connected globally and world wide web as we know it today, did not exist… yet.

My next role was to join an ISP as a help desk guy. Always in search of more knowledge, I figured the quickest way to get it was to immerse myself. Dealing with 10,000 users you rapidly discover the problems people are faced with as they try to get a handle on these things called modems! It was a great experience, and I attained my CCNA certification there. By the time I left three and a half years later, I was literally running the network.

Then I joined Unisys in a security role, to further expand my knowledge of firewalls and the way they operated. This required a deeper understanding of protocols, there were some very interesting problems you would come across. I lived for those moments and always found troubleshooting something I really enjoyed. During this job I transitioned from a Brisbane country town to Sydney the big city.

After various contracts and the GFC, I ended up at CSC doing more security, this time Checkpoint firewalls. It was here that I worked with my first BIG-IP. A load balancer, I mean what’s there to learn I thought? You send traffic here, you send traffic there… how little did I know. It wasn’t until I joined Red Education doing professional services that I came to understand the true capability of the device. Where I learned iRules provide customers with tremendous flexibility and iApps, API and automation toolsets make these devices scale and deploy in hybrid environments.

Now I work for airloom, the #1 F5 engineering partner in A/NZ, APJ and joint #1 globally providing solutions that no-one else could deliver. My first week at airloom I sat my 401 exams. My second week I was learning a completely new product. The third was sitting down with customers. They have a consistently high level of expertise that is not found elsewhere in Australia. They recruit and maintain the best, to deliver the outcomes customers need. After eight years F5 experience I thought would arrive here at least on par with the guys within the team. I was wrong.

DC: You are a very active contributor in the DevCentral community. What keeps you involved?

KD: I’ve always enjoyed helping others, it’s part of my DNA being a consultant. It is why I have enjoyed being an instructor as well as doing professional services for the last eight years. I’ve found that giving back to the community that has helped me is my way of saying thank you. From an airloom perspective the team is entirely focused on helping customers being successful so giving is what we do day in and day out.

DC:Tell us a little about the areas of BIG-IP expertise you have.

KD: I have enjoyed making the BIG-IP do magic for customers. It really is a powerful integration toolset in the right hands. Everyone needs to get traffic from A to B. With one of these the capability to add world class protection at any layer, multiple layers of authentication or even inspection becomes possible. That’s on top of providing high availability and redundancy for any application. Its level of detail and control is quite astonishing.

I’ve made stateless applications stateful, one protocol talk to another, the list goes on. My favorite has been iRules, I used to have a motto on the wall when I worked in one place for a few months… “iRules for breakfast, how many do you do?” That stateful piece was all written using iRules and saved the business over a million dollars in project costs whilst delivering projects quicker and with less errors.

I have deployed nearly every product, my most recent has been migrating customers from legacy F5 physical appliances into virtualized appliances running vCMP. Instead of just running one BIG-IP they can have eight of them on a mid-range appliance. F5’s zero contention virtualization platform means customers can have the speed and the flexibility to provision BIG-IP’s with N dedicated processing cores.

One of my favorite F5 product modules is APM. The visual policy editor is a brilliant tool for building your own custom security policy and provides incredibly flexibility. The authentication point to end all authentication points… SAML, OAUTH, OTP, AD, Radius, Tacacs, DIY. You can roll your own N factor auth with built-in/external MFA and have all of it layered using SSO. It really is the authentication cornerstone of the products and is a joy to work with.

DC: You are a Distinguished Engineer at airloom. Can you describe your typical workday and how you manage work/life balance?

airloom_logo.pngKD: On Monday’s I prepare for the weekly briefing, check outcomes from the previous week and start planning the day. Then tee myself up a list of things to do, including client meetings and begin preparation for them. These continue till the end of the day. I might be in the office one day, working remotely or both. We have no local infra except for a printer and wireless access points, everything we do is in the cloud. This means we are free to work from any location be it at home, office or customer site.

The role of an airloom Distinguished Engineer is a pretty awesome one, we report to our CTO Adrian (Nobby) Noblett who was the former F5 Solution Architect for APJ. Our role as DE’s is to help our client’s get the most out of their technology investments, however we are also given the creative license to develop new solutions we believe will help our clients. We have several goals to work towards on a regular basis, and they are not just about projects but also coming up with industry leading solutions no one else is across so we stay ahead of the curve and ensure our clients have access to the best solutions ahead of the entire market.

DC: You have a number of F5 Certifications including Technology Specialist (LTM) certifications. Why are these important to you and how have they helped with your career?

KD: I am certified in LTM, GTM, ASM, APM. I also just recently attained the Security Solutions Expert. F5 certifications are serious business. They provide assessment and recognition of technical skillset. This is valuable to airloom & valuable to my career and on top of my experience shows that someone is serious about maintaining their knowledge level on a product. I appreciate F5 are diligent about detecting and eradicating shortcuts as this maintains the value of the certification. The blueprints and study guide provided with each exam are highly relevant and far more than many other vendors provide to help professionals prepare themselves. From an airloom perspective it is a requirement that all DE’s are 401 level certified to hold the DE title at airloom, and we actually have the equal most number of 401’s in the world in our team!

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

KD: There have been many. The biggest was an iRule solution that a customer refused to implement as a black box solution! The data flow was deemed mission critical so they required on going monitoring. This meant writing another iRule to collect statistics. Then another to display them. The solution itself used about 100 subtables, the statistics around 1000 as it tracked not only the success or failure but all possible execution outcomes, effectively profiling the solution behavior per transaction.

This was then output not only as a html web page showing the effectiveness of the solution, but also available in XML format to be polled by a 3rd party monitoring platform. Their monitoring dashboard had graphs for each transaction type showing its effectiveness over time. It seemed overkill at the time however over three weeks the effectiveness of the solution gradually tapered off from 98% to 0% and by that time we were furiously troubleshooting with F5 support.

It turned out about 1 in 200,000 calls to a certain command would return an undocumented outcome. Once known the code was updated, the problem now was the BIG-IP contained hundreds of invalid table entries that never expire. Failing over was not a solution because the HA device maintained an identical copy through session table mirroring. The most effective solution involved a fourth and final iRule to iterate through every permutation and remove the invalid table entries.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

KD: I think a tour guide. I love talking to people and seeing new things. I could probably travel for ten years and only see half what the world has to offer. Human beings are quite creative people and cultural differences produce an amazing diversity of ideas around the globe.

Thanks Kevin! Check out all of Kevin's DevCentral contributions, connect with him on LinkedIn and visit airloom or follow on Twitter.




DevCentral’s Featured Member for May – NTT Security’s Leonardo Souza

Posted in security, f5, big-ip, interview, silva, devcentral, irules, programmability by psilva on May 2nd, 2017

leonardo.jpgLeonardo Souza lives in the United Kingdom, with his partner, 5-year-old daughter, and a (very) recently newborn son. He’s Brazilian and lived in Portugal for quite a while. He then moved to UK about 5 years ago ‘because of the amazing weather,’ he jokes.

Leonardo started to work with computers when he was 18 years old (he’s not 18 anymore), so he’s worked with many technologies. Fast forward a bit (he’s not that old) and while working as a network engineer, he was working on a project to migrate applications from Alteon load balancers to F5 BIG-IP LTMs. He completed his LTM Essentials and LTM Advanced training during that time (2011) and with the migration project, he was impressed with BIG-IP.

He even applied for a job at F5 in 2012 and joined as a Network Support Engineer. That moved him from Portugal to UK, and has been doing F5 products exclusively ever since.

With all that, Leonardo is DevCentral’s Featured Member for May and we got a chance to talk with Leonardo about his life, work and scripting prowess.

DevCentral: You were an F5er from 2012-15 and continue to be a very active contributor in the DevCentral community. What keeps you involved?

Leonardo: I often say that 1 year in F5 support is equal to 5 years as a F5 customer.

While in F5 support, I had multiple technical challenges every day, and I would typically go to DevCentral to check iRules documentation and get ideas for uncommon cases. After I left F5, I started using DevCentral to stay up to date about what is going on in the F5 world by reading the DevCentral articles. Then I started to go there daily and answer some questions myself.

Short answer: to keep me updated, both about F5 news and my F5 knowledge.

DC: Tell us a little about the areas of BIG-IP expertise you have.

LS: Is difficult to know all F5 products, because some are for very specific networks/scenarios, but I know the common ones:

BIG-IP BIG-IP LTM, GTM/DNS, AFM, APM, ASM, EM, BIG-IQ, and iRules.

I had been a little bit lazy about the F5 certifications but recently I have done all level 300 exams. I have started study for the 401, so that should be done in the next couple months.

DC: As a Security Consultant at NTT Security, what’s your typical workday?

LS: First to clarify, the company recently changed names from NTT Com Security to NTT Security.

nttlogo.jpgI work in professional services, doing projects that use F5 products. My daily work includes doing some pre-sales activities advising pre-sales team about the F5 products, doing projects, and finding solutions or writing scripts to automate some F5 tasks.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

LS: I have been using DevCentral for many years, and iRules, to a point where it is part of my daily job. Flexibility is a major advantage for F5 and people ask all the time “Can you do this with an iRule?”

Recently, I was working in a project to upgrade many F5 devices. We had to perform an extensive inventory for each device which was taking about 3 days per device. I wrote a Python script using iControl SOAP to perform that task. (I still prefer bash script, but there is no iControl SOAP for bash)

It would take around 240 days to do that manually, and we did in around 3 days using the script.

DC: Finally, if you weren’t in technology – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

LS: I am doing the job I wanted since I was young and I can’t picture myself doing any other type of job.

Thanks Leonardo! Check out all Leonardo’s DevCentral contributions or connect with him on LinkedIn. And visit NTT Security on the web or follow on Twitter and LinkedIn.

 




Q/A with Admiral Group’s Jinshu Peethambaran - DevCentral’s Featured Member for March

Posted in Uncategorized, security, f5, big-ip, devcentral, irules by psilva on March 1st, 2017

 

jinshu_p.jpgJinshu Peethambaran is a security architect currently working with Admiral Insurance. He started his career 9 years ago, managing network security operations and started working on F5 products about 5 years ago.

He is also a 2017 DevCentral MVP and DevCentral’s Featured Member for March! DevCentral got a chance to talk with Jinshu about his work, life and his dream of being 100 million miles in space.

DevCentral: Hi Jinshu, thanks for you time. You’ve been a very active contributor to the DevCentral community. What keeps you involved?

Jinshu: DevCentral has helped me greatly over the years as I’ve worked with F5 products, so I feel like it’s worth spending some of my time both reading posts and helping others in the community. Searching DevCentral, I found another approaches to solving issues, helping me to solve challenges. Just checking the most recent questions is a great way to learn things.

DC: Tell us a little about your areas of BIG-IP expertise.

JP: At earliest stage in my career, I was involved on basic BIG-IP LTM projects. After some successful experiences, I started working on another level and learn different BIG-IP modules.

Now, I think I’m pretty comfortable with all F5 BIG-IP modules but I’m clearly specialized in security. Now I’m pretty confident on BIG-IP LTM, DNS (formerly GTM), ASM, APM and AFM modules. I have implemented multiple solutions using these combinations for different customers, all these years.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.


admirallogo.jpgJP:
iRules are great tool to solve unique BIG-IP challenges, but iRules are nothing without the developer’s community. DevCentral experts share experience not only about tcl coding but protocol knowledge, iRule events orders, and working iRules. And on the other side, some IT admins ask about new needs that I may answer for the next customer.

Security is a vast area and we get new requirements and challenges every time. Each time I get a new challenge, I first search on DevCentral to see if someone already solved it. If not, I’ll create my own iRule.

 

DC: Can you tell us a little about your blog, Secure Leaves and why it is important to Know your network before a hacker does?

JP: Since I started working on security domain, I through to give a helping hand for others as well. So I started this blog explaining small technical challenges and solutions for that. This blog focus on security products and hence the title “Know your network before a hacker does”.

 

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

JP: I’d probably be an Astronaut or a professional space traveler searching for external life and doing experiments in Mars. J When I was a kid I always dreamt about being an Astronaut, staring at the stars.

Thanks Jinshu! Check out all of Jinshu’s DevCentral contributions, check out his blog, or connect on LinkedIn. And visit Admiral Group plc on the web and LinkedIn

Related:

 




Q/A with ExITeam’s Security Engineer Stanislas Piron - DevCentral’s Featured Member for October

Posted in security, f5, big-ip, silva, devcentral, irules by psilva on October 4th, 2016

stanislas1.jpg

Stanislas Piron is a Security Engineer for ExITeam. 16 years ago, Stanislas started out with Firewalls, email and Web content security. His first F5 deployment was with LTM and Link Controller 10 years ago and he is DevCentral’s Featured Member for October!

He started to focus on F5 products as pre-sales engineer for a IT security distributor in charge of F5 development. 4 years ago, he joined Exiteam, a small company of two security engineers helping resellers audit, design and deploy security solutions for their customers. To provide real expertise, they both focus their skills on a small set of products. He works with F5 products about 80% of his time.

DevCentral got an opportunity to chat with Stanislas about his work, life and if European organizations have unique security requirements.

DevCentral: You’ve been an active contributor to the DevCentral community and wondered what keeps you involved?

Stanislas Piron: When I started working with F5 products, I created my DevCentral account to search piece of iRules and write my own iRules according to customer’s needs.

As the needs grew, I had some unanswered questions. Searching DevCentral, I found another approaches to solving issues, helping me to solve my own challenges. Each time I find a better way to solve my problems, I try to share my code.

I often read question and try to solve them thinking, “This can solve an issue of a customer I didn’t think about before”

DevCentral is a place where every time you help someone, you learn something.

DC: Tell us a little about the areas of BIG-IP expertise you have.

SP: My favorite BIG-IP product is APM (LTM+APM mode), which covers almost everything about authentication. It’s also the product we must configure as simple as possible if we do not want the customer to have headaches reading the access policy.

I often deploy BIG-IP with multiple modules including LTM, APM, AFM, GTM and ASM to offer high datacenter security.

Most of my deployments use the local traffic policies for standard admin tasks, iRules for application compatibility, and the tcl codes in APM to assign variable boxes.

DC: You are a Security Engineer with Exiteam, a security consulting practice. Can you explain how DevCentral helps with your daily challenges? Where does BIG-IP fit in the services you offer or within your own infrastructure?

exiteam_logo.jpg

SP: iRules is a great tool to solve problems BIG-IP is not addressing, but iRules is nothing without the developer’s community. DevCentral experts share experience not only about tcl coding but protocol knowledge, iRule events orders, and working iRules. And on the other side, some IT admins ask about new needs that I may answer for the next customer.

Each time I have a new challenge, I first search on DevCentral to see if someone already solved it. If not, I’ll create my own iRule.

DC: I understand you are in France and wondered, what are some of the unique information security challenges for European organizations?

SP: Information security challenges are not unique for European organizations as security risks are the same for all countries.

DC: Describe one of your biggest challenges and how DevCentral helped in that situation.

SP: With Microsoft Forefront TMG End of sale, most of my customers migrated to F5 products.

One of my customers, a SAAS provider, with almost exclusively Microsoft products (TMG, Exchange, Sharepoint, etc.) and with more than 20K concurrent users was evaluating how to migrate to BIG-IP LTM, ASM, APM and AFM.

During POC (and then deployment) we worked to get the same behavior with APM as TMG with SharePoint about office editing documents. I found some question on DevCentral with parts of an answer, but not the full answer. I wrote an iRule optimized for such a deployment (20K users) answering all the customer needs and shared it. Some DevCentral experts, who had the same needs, commented on it to make it simpler, generic and optimized.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

SP I don’t remember what I wanted to be when I was child and IT is not a dream job if you don’t evolve. What I expect in my job is to not do the same job as the day before, and I think I found it. Every day, I meet new customers, I have new challenges and I learn something increasing my knowledge.

DC: Thanks Stanislas and congratulations! You can find Stanislas on LinkedIn and also check out his DevCentral contributions.

Related:




Q/A with Yann Desmarest - DevCentral’s Featured Member for July

Posted in security, f5, big-ip, silva, application delivery, network, irules, programmability by psilva on July 5th, 2016

YD3.jpg

Yann Desmarest is the Innovation Center Manager at e-Xpert Solutions SA and one of DevCentral’s top contributors. e-Xpert Solutions SA is a F5 Gold Partner, Unity Partner Support and a Guardian Partner. Yann has been a BIG-IP administrator for 6 years and enjoys basketball, table tennis, hacking, cinema and manga (especially Naruto).

And one of his favorite activities is developing complex iRules and that’s why he is DevCentral's Featured Member for July!

We got a chance to chat with Yann about his work, his life and why he enjoys participating in the DevCentral Community.

DevCentral: Hi Yann. Thanks for your time. You’ve been a tremendous contributor to the DevCentral community over the years and wondered what keeps you involved?

Yann: I’m always looking for new challenges and DevCentral is a really good place to solve complex issues and to share knowledge and experiences with peers. It’s also a place that I can find useful information on iControl, iRules and iApps code.

DC: Tell us a little about the areas of BIG-IP expertise you have.

YD: At my earliest stage in the business world, I was involved on basic BIG-IP LTM projects. After some successful experiences, I wondered if I could rise up to another level and decided to learn BIG-IP ASM, APM and GTM modules as well.

Now, I think I’m pretty comfortable with all F5 BIG-IP modules but I’m clearly specialized in security and more precisely the authentication and WebSSO part delivered by BIG-IP APM.

I also acquired some development skills using iRules and iControl.

DC: You often participate and post in the Codeshare area – tell us about some of your favorite submitted iRules/iApps and how they work.

YD: I've had several requests to protect Microsoft Skype for Business Edge services against NTLM brute force and dos attacks. I decided to develop an iRule to intercept the encrypted traffic and identify NTLM authentication attempts on the SIP flow. Then, suspicious IPs and users are blacklisted for a duration that you can define in the RULE_INIT event.

I had also requirements to provide Client certificate authentication on Microsoft Exchange ActiveSync for Apple iOS devices. The main issue is that this kind of authentication requires a Mobile Device Management or Apple Configurator system. Deploying a full MDM for that need may be overkill so we developed an iRule that provisions the Exchange payload to the iOS device. The client certificate is retrieved using SCEP protocol. Now, with the availability of iRulesLX, I will be able to extend this feature to retrieve a certificate using third party APIs.

And finally my favorite is the APM Full Step Up Authentication iRule and Access profile that we published on DevCentral. I had a look at the Step-Up authentication feature on the APM v12.1.0 and found that it’s currently limited. I decided to develop my own configuration to make it more flexible and mainly to have this feature available for older BIG-IP versions. No doubt that my configuration will be deprecated in future releases because APM will enhance its own feature set.

I have many more iRules, iApps and iControl scripts to share with the community in the future.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

logo_pantone.png

YD: I had a requirement to integrate APM with an iOS and Android mobile application. The application use SOAP body to POST credentials and a second factor was required for external users. I had to intercept the SOAP body to retrieve the username and password, then play those credentials through an external REST API web service and if the user is connecting from a public IP address, prompt the end user for a second factor that I send to a third party web gateway. This is a lot of peers and exchanges to integrate in the authentication process. I had also to implement full SOAP responses and handle errors. I consulted DevCentral and the iRules wiki to find how to use sideband connections, ifiles, ACCESS events and some crypto commands. Without the DevCentral community, I would not have been able to face this challenge.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

YD: Computer science was part of my life since the very beginning. Later, I decided to be an IT expert, to solve complex challenges and to help people securing their environments. Now, I’m following my dreams and work hard to be a computer expert.

Just few words to thank all my colleagues and our F5 Field System Engineers that help me a lot to acquire more skills and experience on F5 technologies.

DC: Thanks Yann! Check out all of Yann’s DevCentral contributions and follow him @expertsolch




The Double Whammy of Scripting

Posted in f5, big-ip, silva, devcentral, irules, programmability by psilva on June 7th, 2016

Many of you are very familiar with iRules, our Tool Command Language (Tcl) based scripter. It’s a powerful application delivery tool to have a programmable proxy that allows you to manipulate – in real time - any network traffic passing through the BIG-IP. Many BIG-IP fans have used it to address their specific needs and some iRules have even been productized as features. For example, the cool ASM Data Mask feature that blocks sensitive info like SSN or credit card numbers from leaking out was once an iRule. Aw, our baby made it to the BIGs.

And by now you may have heard the trumpets about iRules LX, available in our most recent BIG-IP v12.1 release. So I was wondering if you were wondering what’s the difference between iRules and iRules LX? Why would you use one or the other?

iRules is based on Tcl and is an extremely stable and well-documented solution. We introduced it in BIG-IP v9.0 and we continue ongoing feature development for it. iRules Language eXtensions (where the LX comes from) is the next-generation of network programmability based on JavaScript. IRules LX is not intended to replace or antiquate Tcl, but provide additional functionality in certain situations.

Say you are writing a rule in Tcl that looks for some piece of data. When you find that data, you then need to make a database call to verify the parameters. That could get messy with many lines of code. You may even say to yourself, ‘Geeze, this would be a whole lot easier if I had a parser…wouldn’t that be nice.’ This is where IRules LX can be handy. Toss it over to a Node.js extension and let it do the work. With the proper node package manger (npm), of which there are some 280,000 (and counting), iRules LX will process and send back to Tcl so you can go on your merry way.

F5_Programmability-ISC_2015-v1_1b.jpg

Essentially, that last 10% is 90% of the work so why not have a proper engine run it.

IRules LX is a simple way to solve tough challenges…another tool to use when you need it. Granted, it is not necessarily a hammer but that particular hex tool for precise jobs. It also bridges into the new world of programming. Tcl is still very relevant yet Node.js a popular, cutting edge language that the development community has eaten up. It offers more flexibility when you need it and a new tool in your arsenal of application delivery solutions.

You should also check out Eric Flores' Getting Started with iRules LX series which covers some concepts, use cases, configurations and workflows.

ps

Related:




iRules - Is There Anything You Can’t Do?

Ex·ten·si·ble (in programming): Said of a system (e.g., program, file format, programming language, protocol, etc.) designed to easily allow the addition of new features at a later date. (from Dictionary.com)

Whenever I attend a F5 customer or partner gathering, I always ask of those who use iRules, 'Do you deploy iRules due to BIG-IP not having a particular feature or because you need to solve a specific issue within your unique architecture?'  Overwhelmingly, the answer is to address something exclusive to the environment.

An iRule is a powerful and flexible feature of BIG-IP devices based on F5's exclusive TMOS architecture. iRules provide customers with unprecedented control to directly manipulate and manage any IP application traffic and enables administrators to customize how you intercept, inspect, transform, and direct inbound or outbound application traffic.  iRules is an Event Driven scripting language which means that you'll be writing code based off of specific Events that occur within the context of the connections being passed through the Virtual IP your iRule is applied to.

There are many cool iRule examples on our DevCentral Community site like Routing traffic by URI and even instances where an iRule helped patch an Apache Zero-Day Exploit (Apache Killer) within hours of it being made public and well before the official Apache patch.  An iRule was able to mitigate the vulnerability and BIG-IP customers who have Apache web servers were protected.  Risk of exploit greatly diminished.

Recently our own Joe Pruitt, Sr. Strategic Architect with the DevCentral team, wrote a cool iRule (and Tech Tip) to Automate Web Analytics.  Analysis on the usage patterns of site visitors is critical for many organizations.  It helps them determine how their website is being utilized and what adjustments are needed to make the experience as best as possible...among many other things.  Joe's article discusses how to use an iRule to inject analytics code into HTML responses to enable the automation of analytics into your website software.  Adding a certain piece of JavaScript code into each web page that you would like monitored is one option but what happens if the release criteria for application code requires testing and adding content to pages in production is not allowed or multiple products from multiple application groups reside on a given server or even when 3rd party code is present where you don't have access to all the source that controls page generation.

If you have BIG-IP fronting your web application servers, then you can add Joe's iRule to inject client side JavaScript into the application stream without the application knowing about it.  Joe uses Google Analytics as an example, but, according to Joe, it is fairly easy to replace the content of the "analytics" variable with the replacement code for any other service you might be using.  Very cool indeed.

So while iRules might not be able to make your coffee in the morning - unless of course it is a slew of IP enabled coffee machines - they can help organizations create extremely agile, flexible and secure environments.  Like Oreos and Reese's, there have been a bunch of imitators but nothing is as good as the original.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1] o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]